Linux - Server: This forum is for the discussion of Linux software used in a server-related context.


I am setting up a Firewall/Proxy server for our church. Proxy is to provide a limited amount of web filtering. The two people who help me have very little to no experience with Linux of any kind so I am trying to set these up with a GUI interface available (will boot run level 3) for them. I admin AIX but also use SuSE and Red Hat. My questions are:
A) Which type of Linux will best meet these requirements? I am not limited to the above types. I am looking for simple and easy to install and easy for those helping me to manage.
B) With limited exposure is there any extreme risk to not do both the firewall and proxy on the same server?
C) I plan to use iptables for firewall. Suggestions for a good GUI interface to this?
D) I plan to use DansGuardian for the proxy. Thoughts/suggestions/am I crazy for doing this?

Given the fact you have others involved with little/no Linux experience it might be wise to use a mini-distro specifically designed to provide these services, instead.

WebGUI-based administration, relatively easy proxy configuration, and the ability to perform a complete restoration from backup in the event of hardware failure are all possible with many of these distros.

IPCop (http://ipcop.sourceforge.net) is one of the most popular and easiest-to-use freely-available Linux-based firewall distros. It's a very reliable and stable iptables-based solution, and can be configured to work with DansGuardian as well. It's a great setup--I really recommend you check it out.

I was a long-time IPCop user, but now implement a few other solutions in clients' offices, depending on their requirements.

pfSense (http://www.pfsense.org) is a FreeBSD-based firewall platform which is a fork of the m0n0wall project. It provides some pretty advanced features, including failover between multiple machines, and the ability to run from a bootable CD with a configuration saved on a USB key (great for non-proxy setups where no real HD is needed). It uses pf (the *BSD packet filter) instead of iptables, but you would not notice this as it's also WebGUI-based and you really don't need to use the command line past the initial configuration/installation. It provides a bit more advanced options in comparison to IPCop, but most would be out of place in a small environment anyway, and might only add complexity, anyway.

dd-wrt (http://www.dd-wrt.com) is a great platform for installing on a lot of mainstream wireless router hardware--it's a replacement firmware which provides much of what IPCop and pfSense provide. Since it's mainly intended to be used on diskless router hardware, and would require the purchase of additional equipment, it's probably not the best choice if you're working with limited funds and existing equipment.

Since you're planning on running a basic proxy with limited filtering, you definitely want to use a machine with a hard drive (not running from a USB key or compact flash card), regardless of which solution you choose. I would recommend at least a Pentium 3-class machine with 128 MB of RAM or more, and 540 MB HD or larger. If you're planning on having more than a few active clients at a time I definitely would go for more RAM.

Naturally, you will need two NICs in the box, as well...

To answer your other question, with limited exposure, you're not necessarily exponentially increasing your risk in running both firewall and proxy services on the same box. In theory, though, the risk will be greater -- but ask yourself how much worse things would be if the church was not going to install a firewall at all (especially if the clients are Windows machines).

If you have the hardware, you certainly could set up one box to provide firewall services, and another to receive all requests for web traffic for proxy/filter services, but that can get complicated fairly quickly.

There's a bunch of other options out there, too, but the above are the ones I've had a lot of experience using, and feel are good solutions.

Overall, I really would recommend you try IPCop and see what you think of it. There's a fairly active community around it (http://www.ipcops.com), and it's probably going to be the easiest one for you both to get running and have others assist in maintaining.